Big Blue securo-bods warn of dire Dyre Wolf AMONG WOLVES

Infosec experts have spotted a nasty variant of a banking malware – dubbed Dyre Wolf – which involves a sophisticated two-factor authentication workaround that has apparently led to the theft of more than $1m from the biz world. Wrongdoers have demonstrated what IBM Security described as "a brazen twist from the once-simple …

  1. This post has been deleted by its author

    1. Mark 85

      There's no accounting for users' actions... They open attachments, install nasty software, hit dodgy websites, and call numbers with no questions asked without ever thinking about it. You seem surprised.

      1. This post has been deleted by its author

    2. GBE

      Users are like that.

      A couple years ago I got a phone call claiming to be from a large brokerage and financial services firm. The caller said there was something in my account that needed to be updated, but first she needed my birth date, account numbers, and social security number to confirm my identity.

      I said I'd call back on the corporation's toll-free number. She said she'd put a note in my account so that whoever got my call would know what needed to be done. Before I hung up, I asked her if people usually provide all that information over the phone when she calls them out of the blue like that.

      She said "always".

      At that point, I realized that Bruce Schneier was right. Crypto can't solve the problem: the weak point in computer and network security is in the wetware.

      [I then hung up, called the company's toll-free number, the aforementioned note was on my account, and we took care of whatever it was that needed to be done.]

  2. Richard Jones 1
    WTF?

    I am not the big bad wolf I'm granny with a sore throat.

    It worked so well for children's stories that the same ruse works on grown (groan) ups. There was a time when banks and customers, especially large customers had a relationship. Now anything goes, the customer's clerk does not know who they are calling anyway and probably has no idea which is the right number to call. One could ask what happened to training, but as the instructions are all 'on screen' training is not needed and 'we must save money'.

    Yes to give it to the crooks!

    1. Anonymous Coward

      Re: I am not the big bad wolf I'm granny with a sore throat.

      Today's "youff" probably have never heard that story.

  3. dloughlin

    I really don't understand why admins allow users to execute anything that isn't installed on the machine already.

    Letting people download and execute exes is just stupid these days.

    Software restriction policies are more important than AV

    1. This post has been deleted by its author

  4. x 7

    typical of IBM, they can't even get the name right.

    The real animal (happily now extinct) is known as the Dire Wolf, not the Dyer Wolf

    http://en.wikipedia.org/wiki/Dire_wolf

    1. TeeCee Gold badge
      Facepalm

      Of course if it actually were an extinct wolf rather than a variant of the Dyre[1] malware they were talking about, you'd have a point.

      But it isn't. So you don't. You muppet.

      [1] Clearly spelled as such throughout the article and the referenced one, so heck knows where you got "Dyer" from.

  5. Anonymous Coward

    Callbacks before sending?

    Why aren't these banks performing callbacks to the official, protected phone number kept on file with each customer, prior to sending the wire?

    Every one of these banks should be shamed. STUPID! Small-town banks in the US routinely do this.

  6. Anonymous Coward

    Because

    the reason banks and customers don't do all the things you have suggested is that they are real normal people and not borderline autistic software developers who spend their life online and have no concept of reality.

    1. Anonymous Coward

      Re: Because

      So you're saying we should leave ourselves to get suckered into some social engineering con?

  7. Will Godfrey Silver badge
    Unhappy

    Bad News

    I would say I've no sympathy for the organisations that get scammed, but the bottom line is that it's us that eventually have to foot the bill.

  8. Alistair
    Boffin

    ummm.. what?

    "is that the attackers are bold enough to use the same phone number for each website"

    The image *implies* that it would be a toll free number...

    Aren't those "toll free numbers" tracked somewhere? Or are these folks putting up some nasty bugger's cellphone number?

    I suppose the software could be set up to pull that info from a server somewhere out there ...

    If any *real* amount of $$$ had been sucked up from any company of any size this would already have been shut down. Sadly the SMEs that are likely getting hit are *too small to be bailed out*.

  9. Stevie

    Bah!

    Given the numerous grammatical errors in the graphic I wonder if the "IBM" advisory wasn't another disinformation spear of the Dyre Wolf attack.

    1. Anonymous Coward

      Re: Bah!

      Such as ..?

      1. Stevie

        Re: Bah!

        Sweet Azathoth's nebular nodes. If I can spot them they are howlers. What are they teaching in the schools these days?

        1. Will Godfrey Silver badge
          Happy

          Re: Bah!

          Nuffink... Innit.
